total number of suspected botnet IPs: 33133
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30688
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1620 |
| 2 | TENCENT-CN | 765 |
| 3 | DIGITALOCEAN-192-241-128-0 | 622 |
| 4 | Baidu | 568 |
| 5 | HINET-NET | 528 |
| 6 | VIETTEL-VN | 522 |
| 7 | ALISOFT | 516 |
| 8 | VNPT-VN | 460 |
| 9 | NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK | 409 |
| 10 | CMNET | 368 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8317 |
| 2 | United States | 4024 |
| 3 | Russian Federation | 2072 |
| 4 | Brazil | 1724 |
| 5 | India | 1605 |
| 6 | Viet Nam | 1480 |
| 7 | Indonesia | 909 |
| 8 | France | 889 |
| 9 | Taiwan | 704 |
| 10 | South Korea | 594 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 386940 |
| 2 | 1433 | 91422 |
| 3 | 220 | 81456 |
| 4 | 22 | 42790 |
| 5 | 23 | 37321 |
| 6 | 522 | 21079 |
| 7 | 422 | 19042 |
| 8 | 822 | 17566 |
| 9 | 1122 | 17552 |
| 10 | 922 | 15806 |
Suspected Bot List [2020-11-29]
detection period: 2020-11-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2445
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2445
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Sunday, November 29, 2020
Botnet Statistics [2020-11-28]
detection period: 2020-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 32756
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30294
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 32756
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30294
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1460 |
| 2 | TENCENT-CN | 684 |
| 3 | DIGITALOCEAN-192-241-128-0 | 613 |
| 4 | VIETTEL-VN | 584 |
| 5 | HINET-NET | 533 |
| 6 | Baidu | 519 |
| 7 | ALISOFT | 475 |
| 8 | VNPT-VN | 469 |
| 9 | CMNET | 379 |
| 10 | VE-CSVE-LACNIC | 376 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7648 |
| 2 | United States | 4250 |
| 3 | India | 2185 |
| 4 | Russian Federation | 1876 |
| 5 | Viet Nam | 1614 |
| 6 | Brazil | 1557 |
| 7 | Indonesia | 1032 |
| 8 | France | 890 |
| 9 | Taiwan | 693 |
| 10 | South Korea | 554 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 577260 |
| 2 | 220 | 78158 |
| 3 | 822 | 64533 |
| 4 | 422 | 64057 |
| 5 | 722 | 58285 |
| 6 | 522 | 58212 |
| 7 | 622 | 58168 |
| 8 | 922 | 56181 |
| 9 | 1122 | 55849 |
| 10 | 22 | 40532 |
Suspected Bot List [2020-11-28]
detection period: 2020-11-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2462
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2462
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Saturday, November 28, 2020
Botnet Statistics [2020-11-27]
detection period: 2020-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 34329
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31879
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 34329
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31879
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1462 |
| 2 | VIETTEL-VN | 794 |
| 3 | VNPT-VN | 740 |
| 4 | TENCENT-CN | 692 |
| 5 | DIGITALOCEAN-192-241-128-0 | 619 |
| 6 | Baidu | 524 |
| 7 | HINET-NET | 495 |
| 8 | ALISOFT | 493 |
| 9 | VE-CSVE-LACNIC | 431 |
| 10 | TELKOMNET | 389 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7795 |
| 2 | United States | 4251 |
| 3 | India | 2349 |
| 4 | Viet Nam | 2137 |
| 5 | Russian Federation | 2066 |
| 6 | Brazil | 1605 |
| 7 | Indonesia | 1249 |
| 8 | France | 832 |
| 9 | Thailand | 754 |
| 10 | Taiwan | 647 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 494005 |
| 2 | 1002 | 81973 |
| 3 | 1001 | 81413 |
| 4 | 220 | 77989 |
| 5 | 26 | 77143 |
| 6 | 1000 | 67708 |
| 7 | 822 | 63119 |
| 8 | 422 | 44293 |
| 9 | 922 | 42560 |
| 10 | 622 | 42023 |
Suspected Bot List [2020-11-27]
detection period: 2020-11-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2450
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2450
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Friday, November 27, 2020
Botnet Statistics [2020-11-26]
detection period: 2020-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 35255
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32650
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35255
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32650
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1479 |
| 2 | VIETTEL-VN | 789 |
| 3 | TENCENT-CN | 724 |
| 4 | VNPT-VN | 668 |
| 5 | DIGITALOCEAN-192-241-128-0 | 606 |
| 6 | Baidu | 530 |
| 7 | HINET-NET | 491 |
| 8 | ALISOFT | 471 |
| 9 | TELKOMNET | 467 |
| 10 | VE-CSVE-LACNIC | 399 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7886 |
| 2 | United States | 4250 |
| 3 | India | 2224 |
| 4 | Viet Nam | 2116 |
| 5 | Russian Federation | 2056 |
| 6 | Brazil | 1839 |
| 7 | Indonesia | 1337 |
| 8 | France | 871 |
| 9 | Thailand | 828 |
| 10 | Taiwan | 637 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 458597 |
| 2 | 29 | 166079 |
| 3 | 27 | 118929 |
| 4 | 28 | 95544 |
| 5 | 1000 | 84171 |
| 6 | 220 | 77543 |
| 7 | 822 | 62039 |
| 8 | 422 | 49035 |
| 9 | 922 | 48796 |
| 10 | 22 | 46924 |
Suspected Bot List [2020-11-26]
detection period: 2020-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2605
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2605
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Thursday, November 26, 2020
Botnet Statistics [2020-11-25]
detection period: 2020-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 35484
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32805
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35484
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32805
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1543 |
| 2 | VIETTEL-VN | 772 |
| 3 | TENCENT-CN | 742 |
| 4 | VNPT-VN | 708 |
| 5 | DIGITALOCEAN-192-241-128-0 | 607 |
| 6 | Baidu | 553 |
| 7 | HINET-NET | 522 |
| 8 | TELKOMNET | 496 |
| 9 | ALISOFT | 483 |
| 10 | VE-CSVE-LACNIC | 433 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8218 |
| 2 | United States | 3942 |
| 3 | India | 2363 |
| 4 | Viet Nam | 2167 |
| 5 | Russian Federation | 2095 |
| 6 | Brazil | 1656 |
| 7 | Indonesia | 1354 |
| 8 | France | 839 |
| 9 | Thailand | 760 |
| 10 | Taiwan | 681 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 505249 |
| 2 | 220 | 77870 |
| 3 | 1433 | 48799 |
| 4 | 1022 | 42527 |
| 5 | 22 | 41684 |
| 6 | 23 | 37521 |
| 7 | 422 | 26886 |
| 8 | 822 | 26080 |
| 9 | 1 | 24567 |
| 10 | 922 | 21760 |
Suspected Bot List [2020-11-25]
detection period: 2020-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2679
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2679
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Wednesday, November 25, 2020
Botnet Statistics [2020-11-24]
detection period: 2020-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 35148
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32612
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35148
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32612
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1545 |
| 2 | VIETTEL-VN | 754 |
| 3 | TENCENT-CN | 736 |
| 4 | VNPT-VN | 719 |
| 5 | DIGITALOCEAN-192-241-128-0 | 600 |
| 6 | Baidu | 560 |
| 7 | HINET-NET | 507 |
| 8 | VE-CSVE-LACNIC | 448 |
| 9 | ALISOFT | 445 |
| 10 | TELKOMNET | 432 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8235 |
| 2 | United States | 3918 |
| 3 | India | 2352 |
| 4 | Russian Federation | 2179 |
| 5 | Viet Nam | 2108 |
| 6 | Brazil | 1623 |
| 7 | Indonesia | 1311 |
| 8 | France | 809 |
| 9 | Thailand | 724 |
| 10 | Taiwan | 669 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 489505 |
| 2 | 220 | 76047 |
| 3 | 23 | 52684 |
| 4 | 22 | 45471 |
| 5 | 1433 | 41716 |
| 6 | 1022 | 38035 |
| 7 | 6004 | 20715 |
| 8 | 1237 | 19819 |
| 9 | 333 | 17975 |
| 10 | 20 | 17036 |
Suspected Bot List [2020-11-24]
detection period: 2020-11-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2536
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2536
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Tuesday, November 24, 2020
Botnet Statistics [2020-11-23]
detection period: 2020-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 35853
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33270
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35853
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33270
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1569 |
| 2 | VIETTEL-VN | 767 |
| 3 | TENCENT-CN | 753 |
| 4 | VNPT-VN | 694 |
| 5 | DIGITALOCEAN-192-241-128-0 | 620 |
| 6 | Baidu | 550 |
| 7 | HINET-NET | 539 |
| 8 | TELKOMNET | 487 |
| 9 | ALISOFT | 431 |
| 10 | NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK | 430 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8262 |
| 2 | United States | 4018 |
| 3 | India | 2410 |
| 4 | Russian Federation | 2208 |
| 5 | Viet Nam | 2113 |
| 6 | Brazil | 1670 |
| 7 | Indonesia | 1450 |
| 8 | France | 853 |
| 9 | Thailand | 801 |
| 10 | Taiwan | 701 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 443323 |
| 2 | 1433 | 109728 |
| 3 | 220 | 80102 |
| 4 | 999 | 55057 |
| 5 | 1722 | 50189 |
| 6 | 22 | 45954 |
| 7 | 23 | 37365 |
| 8 | 1022 | 32526 |
| 9 | 6004 | 22001 |
| 10 | 17 | 16316 |
Suspected Bot List [2020-11-23]
detection period: 2020-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2583
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2583
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Monday, November 23, 2020
Botnet Statistics [2020-11-22]
detection period: 2020-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 32373
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30031
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 32373
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30031
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1665 |
| 2 | TENCENT-CN | 778 |
| 3 | Baidu | 632 |
| 4 | DIGITALOCEAN-192-241-128-0 | 603 |
| 5 | VIETTEL-VN | 489 |
| 6 | ALISOFT | 473 |
| 7 | HINET-NET | 447 |
| 8 | NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK | 434 |
| 9 | CMNET | 403 |
| 10 | VNPT-VN | 380 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8523 |
| 2 | United States | 4021 |
| 3 | Russian Federation | 1993 |
| 4 | India | 1551 |
| 5 | Brazil | 1348 |
| 6 | Viet Nam | 1347 |
| 7 | Indonesia | 926 |
| 8 | France | 901 |
| 9 | Taiwan | 575 |
| 10 | Mexico | 504 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 221407 |
| 2 | 220 | 80262 |
| 3 | 1433 | 60551 |
| 4 | 221 | 46833 |
| 5 | 22 | 46639 |
| 6 | 1022 | 40976 |
| 7 | 222 | 28385 |
| 8 | 23 | 27100 |
| 9 | 3389 | 23508 |
| 10 | 6004 | 22919 |
Suspected Bot List [2020-11-22]
detection period: 2020-11-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2342
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2342
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Sunday, November 22, 2020
Botnet Statistics [2020-11-21]
detection period: 2020-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 32395
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30217
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 32395
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30217
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1506 |
| 2 | TENCENT-CN | 721 |
| 3 | DIGITALOCEAN-192-241-128-0 | 613 |
| 4 | VIETTEL-VN | 608 |
| 5 | Baidu | 580 |
| 6 | VNPT-VN | 531 |
| 7 | HINET-NET | 505 |
| 8 | ALISOFT | 436 |
| 9 | VE-CSVE-LACNIC | 393 |
| 10 | UNICOM-HA | 387 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7813 |
| 2 | United States | 3773 |
| 3 | India | 2171 |
| 4 | Russian Federation | 2044 |
| 5 | Viet Nam | 1702 |
| 6 | Brazil | 1406 |
| 7 | Indonesia | 1099 |
| 8 | France | 821 |
| 9 | Taiwan | 653 |
| 10 | Thailand | 542 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 421440 |
| 2 | 1433 | 116001 |
| 3 | 220 | 85850 |
| 4 | 1022 | 67840 |
| 5 | 15 | 53367 |
| 6 | 14 | 49141 |
| 7 | 17 | 48533 |
| 8 | 13 | 48320 |
| 9 | 16 | 48015 |
| 10 | 22 | 45112 |
Suspected Bot List [2020-11-21]
detection period: 2020-11-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2178
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2178
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Saturday, November 21, 2020
Botnet Statistics [2020-11-20]
detection period: 2020-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 34435
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32057
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 34435
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32057
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1493 |
| 2 | VIETTEL-VN | 735 |
| 3 | TENCENT-CN | 711 |
| 4 | VNPT-VN | 646 |
| 5 | DIGITALOCEAN-192-241-128-0 | 606 |
| 6 | Baidu | 600 |
| 7 | HINET-NET | 465 |
| 8 | TELKOMNET | 445 |
| 9 | ALISOFT | 441 |
| 10 | VE-CSVE-LACNIC | 436 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7990 |
| 2 | United States | 3902 |
| 3 | India | 2360 |
| 4 | Russian Federation | 2189 |
| 5 | Viet Nam | 1983 |
| 6 | Brazil | 1639 |
| 7 | Indonesia | 1335 |
| 8 | France | 809 |
| 9 | Taiwan | 626 |
| 10 | Turkey | 580 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 370755 |
| 2 | 11 | 51997 |
| 3 | 22 | 43020 |
| 4 | 1433 | 35886 |
| 5 | 1022 | 35122 |
| 6 | 12 | 30109 |
| 7 | 23 | 26883 |
| 8 | 6000 | 11912 |
| 9 | 3389 | 10708 |
| 10 | 1122 | 10654 |
Suspected Bot List [2020-11-20]
detection period: 2020-11-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2378
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2378
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Friday, November 20, 2020
Botnet Statistics [2020-11-19]
detection period: 2020-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 35371
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32929
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35371
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32929
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1513 |
| 2 | VIETTEL-VN | 780 |
| 3 | TENCENT-CN | 738 |
| 4 | VNPT-VN | 717 |
| 5 | Baidu | 621 |
| 6 | DIGITALOCEAN-192-241-128-0 | 613 |
| 7 | HINET-NET | 545 |
| 8 | TELKOMNET | 486 |
| 9 | ALISOFT | 445 |
| 10 | VE-CSVE-LACNIC | 444 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8036 |
| 2 | United States | 3987 |
| 3 | India | 2371 |
| 4 | Russian Federation | 2292 |
| 5 | Viet Nam | 2132 |
| 6 | Brazil | 1661 |
| 7 | Indonesia | 1377 |
| 8 | France | 810 |
| 9 | Taiwan | 706 |
| 10 | Mexico | 597 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 390368 |
| 2 | 1022 | 56148 |
| 3 | 22 | 47088 |
| 4 | 1433 | 35367 |
| 5 | 23 | 30316 |
| 6 | 1122 | 29971 |
| 7 | 1322 | 17373 |
| 8 | 5900 | 12516 |
| 9 | 1222 | 10996 |
| 10 | 1622 | 10861 |
Suspected Bot List [2020-11-19]
detection period: 2020-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2442
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2442
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Thursday, November 19, 2020
Botnet Statistics [2020-11-18]
detection period: 2020-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 36297
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33728
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 36297
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33728
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1539 |
| 2 | VIETTEL-VN | 858 |
| 3 | VNPT-VN | 766 |
| 4 | TENCENT-CN | 736 |
| 5 | Baidu | 637 |
| 6 | DIGITALOCEAN-192-241-128-0 | 602 |
| 7 | HINET-NET | 540 |
| 8 | TELKOMNET | 492 |
| 9 | VE-CSVE-LACNIC | 432 |
| 10 | ALISOFT | 431 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8192 |
| 2 | United States | 3806 |
| 3 | India | 2377 |
| 4 | Viet Nam | 2320 |
| 5 | Russian Federation | 2298 |
| 6 | Brazil | 1696 |
| 7 | Indonesia | 1479 |
| 8 | Thailand | 878 |
| 9 | France | 793 |
| 10 | Taiwan | 689 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 533895 |
| 2 | 1022 | 59518 |
| 3 | 22 | 51193 |
| 4 | 1433 | 40753 |
| 5 | 23 | 37053 |
| 6 | 1020 | 25012 |
| 7 | 1322 | 22564 |
| 8 | 1222 | 17771 |
| 9 | 6 | 17644 |
| 10 | 7 | 16752 |
Suspected Bot List [2020-11-18]
detection period: 2020-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2569
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2569
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Wednesday, November 18, 2020
Botnet Statistics [2020-11-17]
detection period: 2020-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 35183
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32797
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35183
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32797
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1542 |
| 2 | VIETTEL-VN | 792 |
| 3 | TENCENT-CN | 761 |
| 4 | Baidu | 637 |
| 5 | VNPT-VN | 606 |
| 6 | DIGITALOCEAN-192-241-128-0 | 593 |
| 7 | HINET-NET | 552 |
| 8 | VE-CSVE-LACNIC | 485 |
| 9 | TELKOMNET | 450 |
| 10 | ALISOFT | 436 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8153 |
| 2 | United States | 3838 |
| 3 | India | 2181 |
| 4 | Russian Federation | 2163 |
| 5 | Viet Nam | 2049 |
| 6 | Brazil | 1649 |
| 7 | Indonesia | 1347 |
| 8 | Thailand | 819 |
| 9 | France | 804 |
| 10 | Taiwan | 723 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 582724 |
| 2 | 1222 | 59263 |
| 3 | 22 | 49122 |
| 4 | 1433 | 45991 |
| 5 | 23 | 36440 |
| 6 | 1022 | 32267 |
| 7 | 1 | 22028 |
| 8 | 777 | 13915 |
| 9 | 3389 | 11580 |
| 10 | 2200 | 10053 |
Suspected Bot List [2020-11-17]
detection period: 2020-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2386
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2386
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Tuesday, November 17, 2020
Botnet Statistics [2020-11-16]
detection period: 2020-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 35977
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33461
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35977
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33461
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1624 |
| 2 | VIETTEL-VN | 827 |
| 3 | TENCENT-CN | 777 |
| 4 | Baidu | 656 |
| 5 | VNPT-VN | 638 |
| 6 | DIGITALOCEAN-192-241-128-0 | 621 |
| 7 | HINET-NET | 522 |
| 8 | ALISOFT | 455 |
| 9 | TELKOMNET | 441 |
| 10 | VE-CSVE-LACNIC | 430 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8554 |
| 2 | United States | 3958 |
| 3 | Russian Federation | 2268 |
| 4 | Viet Nam | 2190 |
| 5 | India | 1899 |
| 6 | Brazil | 1782 |
| 7 | Indonesia | 1346 |
| 8 | Thailand | 821 |
| 9 | France | 812 |
| 10 | Taiwan | 662 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 287378 |
| 2 | 1234 | 166906 |
| 3 | 1235 | 86812 |
| 4 | 22 | 55689 |
| 5 | 21 | 50820 |
| 6 | 1433 | 48297 |
| 7 | 783 | 47704 |
| 8 | 316 | 47699 |
| 9 | 211 | 47695 |
| 10 | 264 | 47667 |
Suspected Bot List [2020-11-16]
detection period: 2020-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2516
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2516
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Monday, November 16, 2020
Botnet Statistics [2020-11-15]
detection period: 2020-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 33001
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30867
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 33001
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30867
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1668 |
| 2 | TENCENT-CN | 826 |
| 3 | Baidu | 686 |
| 4 | DIGITALOCEAN-192-241-128-0 | 615 |
| 5 | HINET-NET | 607 |
| 6 | VIETTEL-VN | 551 |
| 7 | ALISOFT | 484 |
| 8 | NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK | 437 |
| 9 | UNICOM-HA | 418 |
| 10 | CMNET | 379 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8856 |
| 2 | United States | 4075 |
| 3 | Russian Federation | 1992 |
| 4 | Brazil | 1474 |
| 5 | Viet Nam | 1468 |
| 6 | India | 1306 |
| 7 | Indonesia | 899 |
| 8 | France | 839 |
| 9 | Taiwan | 760 |
| 10 | South Korea | 570 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 1234 | 202405 |
| 2 | 445 | 188757 |
| 3 | 1230 | 102449 |
| 4 | 22 | 84557 |
| 5 | 1433 | 78778 |
| 6 | 6002 | 63558 |
| 7 | 23 | 47885 |
| 8 | 1022 | 38787 |
| 9 | 1 | 30130 |
| 10 | 25 | 25634 |
Suspected Bot List [2020-11-15]
detection period: 2020-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2134
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2134
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Sunday, November 15, 2020
Botnet Statistics [2020-11-14]
detection period: 2020-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 32204
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30045
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 32204
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30045
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1497 |
| 2 | TENCENT-CN | 731 |
| 3 | Baidu | 629 |
| 4 | HINET-NET | 615 |
| 5 | DIGITALOCEAN-192-241-128-0 | 614 |
| 6 | VIETTEL-VN | 600 |
| 7 | KORNET | 482 |
| 8 | ALISOFT | 462 |
| 9 | UNICOM-HA | 439 |
| 10 | VE-CSVE-LACNIC | 402 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8124 |
| 2 | United States | 3780 |
| 3 | Russian Federation | 1926 |
| 4 | Viet Nam | 1561 |
| 5 | India | 1409 |
| 6 | Brazil | 1408 |
| 7 | Indonesia | 1050 |
| 8 | France | 800 |
| 9 | Taiwan | 792 |
| 10 | South Korea | 737 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 1234 | 291375 |
| 2 | 1230 | 192944 |
| 3 | 445 | 186597 |
| 4 | 22 | 67046 |
| 5 | 1433 | 52643 |
| 6 | 1022 | 47511 |
| 7 | 23 | 36934 |
| 8 | 666 | 33627 |
| 9 | 3389 | 33432 |
| 10 | 1232 | 26808 |
Suspected Bot List [2020-11-14]
detection period: 2020-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2159
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2159
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Saturday, November 14, 2020
Botnet Statistics [2020-11-13]
detection period: 2020-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 35054
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32720
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 35054
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32720
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1503 |
| 2 | VIETTEL-VN | 772 |
| 3 | TENCENT-CN | 738 |
| 4 | HINET-NET | 731 |
| 5 | Baidu | 643 |
| 6 | DIGITALOCEAN-192-241-128-0 | 634 |
| 7 | KORNET | 516 |
| 8 | ALISOFT | 467 |
| 9 | VNPT-VN | 449 |
| 10 | TELKOMNET | 388 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8406 |
| 2 | United States | 3940 |
| 3 | Russian Federation | 2084 |
| 4 | India | 1998 |
| 5 | Viet Nam | 1918 |
| 6 | Brazil | 1694 |
| 7 | Indonesia | 1208 |
| 8 | Taiwan | 924 |
| 9 | France | 795 |
| 10 | South Korea | 784 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 372826 |
| 2 | 1234 | 185394 |
| 3 | 1433 | 136751 |
| 4 | 1022 | 67491 |
| 5 | 22 | 63315 |
| 6 | 922 | 41766 |
| 7 | 23 | 39268 |
| 8 | 222 | 25950 |
| 9 | 322 | 25929 |
| 10 | 21 | 25836 |
Suspected Bot List [2020-11-13]
detection period: 2020-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2334
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2334
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Friday, November 13, 2020
Botnet Statistics [2020-11-12]
detection period: 2020-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 36021
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33595
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 36021
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33595
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1549 |
| 2 | VIETTEL-VN | 783 |
| 3 | TENCENT-CN | 758 |
| 4 | HINET-NET | 684 |
| 5 | Baidu | 660 |
| 6 | DIGITALOCEAN-192-241-128-0 | 634 |
| 7 | KORNET | 483 |
| 8 | VNPT-VN | 475 |
| 9 | ALISOFT | 453 |
| 10 | VE-CSVE-LACNIC | 409 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8582 |
| 2 | United States | 4110 |
| 3 | India | 2242 |
| 4 | Russian Federation | 2107 |
| 5 | Viet Nam | 1898 |
| 6 | Brazil | 1735 |
| 7 | Indonesia | 1225 |
| 8 | Taiwan | 876 |
| 9 | France | 820 |
| 10 | Thailand | 817 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 384928 |
| 2 | 1234 | 184875 |
| 3 | 1022 | 63463 |
| 4 | 22 | 61199 |
| 5 | 1433 | 60256 |
| 6 | 6000 | 45727 |
| 7 | 23 | 37821 |
| 8 | 222 | 36736 |
| 9 | 322 | 35702 |
| 10 | 122 | 34245 |
Suspected Bot List [2020-11-12]
detection period: 2020-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2426
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2426
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Thursday, November 12, 2020
Botnet Statistics [2020-11-11]
detection period: 2020-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 36728
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34283
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 36728
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34283
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1537 |
| 2 | VIETTEL-VN | 768 |
| 3 | TENCENT-CN | 764 |
| 4 | HINET-NET | 727 |
| 5 | Baidu | 679 |
| 6 | DIGITALOCEAN-192-241-128-0 | 628 |
| 7 | VNPT-VN | 473 |
| 8 | ALISOFT | 469 |
| 9 | KORNET | 466 |
| 10 | TELKOMNET | 432 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8612 |
| 2 | United States | 4191 |
| 3 | India | 2331 |
| 4 | Russian Federation | 2126 |
| 5 | Viet Nam | 1871 |
| 6 | Brazil | 1758 |
| 7 | Indonesia | 1318 |
| 8 | Taiwan | 920 |
| 9 | France | 826 |
| 10 | Thailand | 807 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 2244 | 970288 |
| 2 | 445 | 456735 |
| 3 | 1234 | 184083 |
| 4 | 1433 | 93516 |
| 5 | 22 | 46119 |
| 6 | 1022 | 45421 |
| 7 | 23 | 35873 |
| 8 | 3389 | 24405 |
| 9 | 222 | 23006 |
| 10 | 999 | 22768 |
Suspected Bot List [2020-11-11]
detection period: 2020-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2445
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2445
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Wednesday, November 11, 2020
Botnet Statistics [2020-11-10]
detection period: 2020-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 36848
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34348
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 36848
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34348
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1566 |
| 2 | VIETTEL-VN | 836 |
| 3 | TENCENT-CN | 771 |
| 4 | HINET-NET | 697 |
| 5 | Baidu | 691 |
| 6 | DIGITALOCEAN-192-241-128-0 | 621 |
| 7 | VNPT-VN | 538 |
| 8 | VE-CSVE-LACNIC | 452 |
| 9 | ALISOFT | 431 |
| 10 | TELKOMNET | 426 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8705 |
| 2 | United States | 4136 |
| 3 | India | 2432 |
| 4 | Russian Federation | 2116 |
| 5 | Viet Nam | 2003 |
| 6 | Brazil | 1789 |
| 7 | Indonesia | 1349 |
| 8 | Taiwan | 890 |
| 9 | France | 834 |
| 10 | Thailand | 821 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 329703 |
| 2 | 1234 | 70182 |
| 3 | 1433 | 66240 |
| 4 | 800 | 58295 |
| 5 | 22 | 50802 |
| 6 | 1900 | 46561 |
| 7 | 23 | 33531 |
| 8 | 1022 | 33472 |
| 9 | 50 | 30893 |
| 10 | 3389 | 18603 |
Suspected Bot List [2020-11-10]
detection period: 2020-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2500
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2500
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Tuesday, November 10, 2020
Botnet Statistics [2020-11-09]
detection period: 2020-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 37657
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34989
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 37657
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34989
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1647 |
| 2 | VIETTEL-VN | 835 |
| 3 | TENCENT-CN | 802 |
| 4 | Baidu | 719 |
| 5 | HINET-NET | 666 |
| 6 | DIGITALOCEAN-192-241-128-0 | 624 |
| 7 | VNPT-VN | 548 |
| 8 | ALISOFT | 445 |
| 9 | VE-CSVE-LACNIC | 436 |
| 10 | TELKOMNET | 431 |
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 9061 |
| 2 | United States | 4074 |
| 3 | India | 2409 |
| 4 | Russian Federation | 2296 |
| 5 | Viet Nam | 2042 |
| 6 | Brazil | 1735 |
| 7 | Indonesia | 1322 |
| 8 | France | 853 |
| 9 | Taiwan | 840 |
| 10 | Thailand | 824 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 588802 |
| 2 | 22 | 45625 |
| 3 | 1433 | 36912 |
| 4 | 23 | 33791 |
| 5 | 1022 | 32818 |
| 6 | 49 | 26499 |
| 7 | 2200 | 26446 |
| 8 | 1144 | 16257 |
| 9 | 1234 | 15225 |
| 10 | 3022 | 15221 |
Suspected Bot List [2020-11-09]
detection period: 2020-11-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2668
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2668
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Monday, November 9, 2020
Botnet Statistics [2020-11-08]
detection period: 2020-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 33690
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31532
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 33690
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31532
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1642 |
| 2 | TENCENT-CN | 820 |
| 3 | Baidu | 740 |
| 4 | HINET-NET | 612 |
| 5 | DIGITALOCEAN-192-241-128-0 | 606 |
| 6 | VIETTEL-VN | 550 |
| 7 | ALISOFT | 515 |
| 8 | UNICOM-HA | 436 |
| 9 | CMNET | 375 |
| 10 | NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK | 372 |
The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 9033 |
| 2 | United States | 4132 |
| 3 | Russian Federation | 1919 |
| 4 | India | 1553 |
| 5 | Brazil | 1514 |
| 6 | Viet Nam | 1426 |
| 7 | Indonesia | 918 |
| 8 | France | 896 |
| 9 | Taiwan | 788 |
| 10 | Mauritius | 617 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 2255 | 1140480 |
| 2 | 445 | 217664 |
| 3 | 22 | 47560 |
| 4 | 2200 | 44300 |
| 5 | 23 | 37256 |
| 6 | 300 | 32272 |
| 7 | 1022 | 31697 |
| 8 | 1433 | 27554 |
| 9 | 36 | 19645 |
| 10 | 3022 | 10879 |
Suspected Bot List [2020-11-08]
detection period: 2020-11-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2158
List from greylisting:
List from SSH probes:
List from TCP port scans:
number of suspected bots' IPs listed here: 2158
IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.
List from fake open relays:
| country code | IP address | Country |
|---|
List from greylisting:
| country code | IP address | Country |
|---|
List from SSH probes:
| country code | IP address | Country |
|---|
List from TCP port scans:
Sunday, November 8, 2020
Botnet Statistics [2020-11-07]
detection period: 2020-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 33391
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31196
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
The top 10 TCP ports, ordered by number of connection attempts received are:
total number of suspected botnet IPs: 33391
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31196
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1444 |
| 2 | HINET-NET | 752 |
| 3 | TENCENT-CN | 691 |
| 4 | Baidu | 667 |
| 5 | VIETTEL-VN | 642 |
| 6 | DIGITALOCEAN-192-241-128-0 | 628 |
| 7 | ALISOFT | 462 |
| 8 | VE-CSVE-LACNIC | 441 |
| 9 | UNICOM-HA | 420 |
| 10 | CMNET | 379 |
The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8227 |
| 2 | United States | 3920 |
| 3 | India | 2120 |
| 4 | Russian Federation | 1864 |
| 5 | Viet Nam | 1626 |
| 6 | Brazil | 1495 |
| 7 | Indonesia | 1048 |
| 8 | Taiwan | 947 |
| 9 | France | 824 |
| 10 | Mauritius | 565 |
The top 10 TCP ports, ordered by number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 370917 |
| 2 | 1433 | 75735 |
| 3 | 23 | 44210 |
| 4 | 22 | 44093 |
| 5 | 1600 | 40362 |
| 6 | 587 | 35440 |
| 7 | 1110 | 30409 |
| 8 | 1112 | 28699 |
| 9 | 300 | 25072 |
| 10 | 47 | 22987 |
Subscribe to:
Posts (Atom)